The BBC has followed its recent controversial botnet demonstration with a new filmed demo of how a Trojan attack works - except this time it made sure to ask nicely.
In a clear change from the earlier exercise, which provoked intense ethical debate, this time around the corporation has gone out of its way to make clear it sought …

COMMENTS

Common Sense Prevails

Still crazy what they did the first time, and really there is no excuse the matter has been debated and resolved so many time in the security community that frankly they must have been advised by some complete cowboys or school children.

My interpretation

Bloody scary

when you see it happening.

It seems amazing, to me, that the BBC with its limited funds can find out where, who and what can infect PCs and steal identities, yet the governments of the world appear helpless to do anything about this cyberspace invasion.

If the governments of the world blacklisted Nigeria's IP address (as an example, because supposedly a lot of scam emails come from there), wouldn't the Nigerian government then actually start cleaning up the scammers - for the sake of their, presumably, majority of honest surfers, same with Russia - maybe not so much China, but they should be isolated anyway for their disgusting human rights violations.

Any companies caught giving virtual IPs to any cut off country would be jailed for five years, or sent to live in that country.

Their lawyers weren't stupid.

Lawyers obviously knew what they were doing. They told them they wouldn't get in trouble and they didn't get in trouble. How these lawyers knew in advance that the BBC would get away with crimes that mere mortals are punished for is an interesting question if you have paranoid or merely cynical leanings.

Security Industry

Too right we are annoyed at the BBC for doing the original ridiculous and illegal stunt. We are well aware that if any of us in the security field did such a thing for entertain .. public interest reasons we'd be hauled away, quick as a flash... and now it seems that the security guy they asked also said it would be illegal too.

Missing the point

The problem with the original BBC Click was not that it involved manipulating the PCs of innocent users without their consent. The real issue is that in purchasing the botnet, they have taken a chunk of licence fee money and poured it directly into the pockets of Russian and Ukrainian criminals.

Of course, the BBC broke the law by accessing the compromised PCs, although it could be argued that they did so in the public interest, and caused no damage.

On the other hand, in buying the botnet, the BBC has funded the real criminals and allowed them to build even bigger botnets with which to carry out their scummy activities.

They would actually have been on (slightly) better ethical ground if they'd written the malware themselves.

How interesting

I'm still waiting for the demonstrations on mugging, carjacking, murder and arson. That'll bring in the viewers. Wonder if they'll warn the victims first or just cook them in their beds to show what can happen if you don't screw your mailbox shut. It is powerful public interest after all....

Legal botnet?

Imagine the scenario...

The software to infect the multiple machines would presumably have to be open source, and would have to throw up dialogs along the lines of "Do you want to install this on your computer?" - plus for added legal protection "Are you sure?" and ""You do realise what you're doing, don't you?", plus an EULA describing exactly what the software would do. Due to this process, you'd probably have to wait a few years to "acquire" sufficient machines to carry out the attack; then once the attack was over the software would presumably have to uninstall itself.

Or of course you could pay your lawyers enough money to find a legal loophole to do it the quick way...

You can't do IP blocks

Because most of the scams come from compromised computers. The primary source of spam/scam emails is the USA (http://www.spamhaus.org/rokso/index.lasso).. and the collateral damage from blocking that country - although it would (temporarily) make email useful again and be highly amusing to watch - would be unnaceptable to most people I expect.

I suppose we could just nuke Michigan. It'd take out Ralsky and who'd miss it?